HackDig : Dig high-quality web security articles for hacker

A few weekends ago, my dog bit me. In his defense, it was dark and I had tackled him unexpectedly to stop him from walking off our under-construction, railing-less deck. It hurt, but at the time I didn’t realize how critical my next actions would be. It was late, I had house guests, and I decided to dress the wound myself. But by the following afternoon, my

Working with technical officers and cyber security specialists around the world, our conversations often center around a few key themes – the risk posed by IoT, the difficulty of detecting potentially malicious data transfers, and the overall lack of visibility into user and device activity. These concerns are largely the result of today’s complex and sprawli

As the budget planning season approaches, discussions of how to measure security success to justify resource allocation or expansion return to the agenda. There are plenty of great articles that can help you identify security metrics to demonstrate the value of security programs, but before leaping to the selection of metrics, we must first define success. T

By Understanding the Dark Web, You Can Take a Proactive Approach that Helps Reduce Uncertainty and Improves Overall Cyber Resiliency
The anonymity offered by the Dark Web, accessed by TOR, creates a safe-haven for malicious actors and criminals. These are the same bad guys that have, or likely will soon, launch a cyberattack on your organization. With the see

The question of banning social media or not is no longer on the table – the social media train has left the station. Organizations that get on board are realizing significant benefits in the new ways it offers to interact with, understand and serve the public. But social media also provides new ways for cyber criminals to perpetrate existing types of cr

Like Many Compliance-driven Efforts, Access Certifications are Often Hastily Implemented to Satisfy Auditors...
Line of business (LOB) managers hate access certifications (or recertifications). From their perspective, it’s a bit like asking them to systematically visit every seat in a theater, during the feature film, and act as “theater police”, checking tic

Like leg warmers, data loss prevention (DLP) is back. Unlike leg warmers, DLP is actually cool, increasingly sophisticated, and something, to steal from Tim Gunn, companies will want to make work. As the name implies, DLP is about preventing loss or misuse of data. By various means, including content discovery and analysis, it helps preclude end users from

In late 2014 my company predicted that ransomware attacks would shift from consumers to businesses to extort larger ransoms for unlocking encrypted files. Unfortunately, this prediction has come true. Recent data from the FBI's Internet Crime Complaint Center (IC3) shows ransomware continues to spread and is infecting devices around the globe. IC3 identified

Two decades ago the movie Jerry Maguire premiered and the phrase “show me the money” was launched into the popular lexicon. Today, nimble cyber criminals are motivated by those same words, continually looking for ways to boost profits with the most efficient methods they can devise. In the latest round of attacks, they are hijacking legitimate online r

Organizations are Failing to Take Basic Precautions That Could Keep Attackers Out...
If you were a robber which house would you break into: the one with the chain link fence and security cameras, or the one without? This should be a no-brainer. But the message doesn’t seem to translate to the digital world. Historically CIOs/CISOs have had to trade off securi

Built in or bolted on? When have you ever seen “bolted on” as the first choice of anyone in just about any imaginable scenario? Yet for software security, “bolted on” is certainly the norm. Every day, applications are created or revised with inherent vulnerabilities that leave the software open to attack. These are not exotic, complex, ingeniously crafted vul

In 2014, we consumers were beset with news of breaches at eBay, Home Depot, and J.P. Morgan Chase. By designating 2014 as “The Year of the Mega-Breach,” the security community had hoped to bring awareness to the challenge of protecting customer data. But it turns out that the breaches of 2015 make the previous year’s ones pale in comparison. There were a cra

Threat intelligence feeds have become a major component of many organizations’ cybersecurity diet. A wide variety of security vendors offer up an equally wide assortment of threat feeds of the latest malware payloads, malicious domains, websites, IP addresses, and host-based indicators of compromise (IoCs). The idea behind these threat feeds is largely the s

As we have seen with cases like the Target breach, failure to adequately investigate and effectively react to security alerts can have devastating consequences for businesses and customers. Security professionals today have to deal with an escalating number of risk alerts to better manage and prioritize alerts and their response to them. This is

With a Better Understanding of What the Future May Hold, Cyber Defenders Can Gain an Upper Hand With the Adversary
Predictions describe a set of events that will or are highly likely to happen in the future; they connote a degree of inevitability. But that isn’t my intent with these predictions about cyber threats. Instead, my goal is to describe how we